2
FireEye, Inc., 1440 McCarthy Blvd., Milpitas, CA 95035 | +1 408.321.6300 | +1 877.FIREEYE (347.3393) | [email protected] | www.FireEye.com 1 Revised December 23, 2014 FireEye Security Notice Statement about Network Time Protocol (NTP) Vulnerabilities: CVE 2014-9293, 2014-9294, 2014-9295, 2014-9296 Summary On December 23, 2014, a publicly disclosed vulnerability was revealed in products using NTP service prior to NTP-4.2.8. No specific vendor is specified because this is an open source protocol. Exploitation of these vulnerabilities could allow an attacker to execute arbitrary code with the privileges of the ntpd process. http://www.kb.cert.org/vuls/id/852879 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9293 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9294 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9295 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9296 What Is The Impact To FireEye Products and Services? FireEye is in the process of evaluating these set of NTP vulnerabilities’ impact to all products and services within our portfolio and patching. FireEye will provide additional details and updates when they become available for customers directly through customer support channels. FireEye will also continue to update this notice periodically as more information becomes available. This will include updates on specific products, dates for remediation (if required), and mitigating actions (if necessary). FireEye recommends following the below general best practices to limit exposure to this set of NTP vulnerabilities. Best Practices FireEye recommends that customers implement the following best practices when possible. These will help protect customers between the times when new vulnerabilities are discovered, and customers are able to update. • Disable NTPd listening services on all systems that do not require it, especially on the network perimeter. • Only use trusted NTP server and preferably an internal one.
